Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

All Articles

Home
All Articles
Breach Debrief: Twilio’s Authy Breach is a MFA Wakeup Call

Blog Published: 07/18/2024

Originally published by Adaptive Shield.Inside the HackEarlier this week, Twilio issued a security alert informing customers that hackers had exploited a security lapse in the Authy API to verify Authy MFA phone numbers. Hackers were able to check if a phone number was registered with Authy by fe...

New Cloud Security Guidance from CSA

Blog Published: 07/17/2024

In the last seven years, several revolutionary developments have occurred in the cloud computing industry. Considering the impact of these changes, CSA has released a new version of our Security Guidance for Critical Areas of Focus in Cloud Computing. We have completely revamped this updated 5th ...

3 Reasons Data Access & Data Classification Are Crucial

Blog Published: 07/17/2024

Originally published by Cyera. Written by Jaye Tillson.The digital revolution has irrevocably transformed our world. From the constant stream of social media updates to the ever-growing network of internet-connected devices, we generate a staggering amount of data every single day. Experts at IDC...

The Leadership Tightrope: Why Leading in Today's Workforce is a Balancing Act

Blog Published: 07/17/2024

Originally published by CXO REvolutionaries.Written by Ben Corll, CISO in Residence, Zscaler.Leadership. It's a word that's often tossed around (as if we all understand what it is and how it’s performed). Yet, truly effective leaders are very hard to find. Some might see leadership as a natural p...

CCSK v5: Updated Cloud Security Knowledge with a Unique Pedigree

Blog Published: 07/16/2024

Written by Martin Hall.Cloud computing continues to become even more pivotal to business and consumer lives. AI has added a disruptive new dimension and set of opportunities to add further cloud power and complexity. And Zero Trust has emerged as a central principle for securing cloud assets. As ...

Streamlining Compliance: Leveraging OSCAL Automation for Effective Risk Management

Blog Published: 07/16/2024

Originally published by RegScale.Written by Esty Peskowitz.Navigating FedRAMP compliance complexities is growing more challenging by the day. The use of automation in everyday activities has become a necessity for security professionals. During a fireside chat at Coalfire’s RAMPCon event on June ...

Cloud Security Alliance Sets New Standard in Cloud Security Expertise with the Certificate of Cloud Security Knowledge (CCSK) v5

Press Release Published: 07/16/2024

Latest version of CSA’s vendor-neutral, cloud security training and certificate provides a comprehensive catalog of the essential knowledge cybersecurity professionals need to masterSEATTLE – July 16, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining...

Data Breach Accountability: Who’s to Blame?

Blog Published: 07/16/2024

Written by Chad Walter, CRO, Paperclip. Data breaches have surged in frequency and cost—to the tune of $8 trillion dollars globally in 2023. And this isn’t just impacting the companies who are breached; these costs impact customer trust and contribute to global inflation. We are also seeing a m...

Buckle Up: BEC and VEC Attacks Target Automotive Industry

Blog Published: 07/15/2024

Originally published by Abnormal Security.Written by Mick Leach.While every organization across every vertical is at risk of experiencing advanced email attacks, there are certain industries that, for various reasons, periodically become the go-to target for threat actors. Our research revealed t...

Non-Human Identity Management

Blog Published: 07/15/2024

Originally published by Oasis.Non-human identities, or NHIs, serve as digital gatekeepers, enabling secure machine-to-machine and human-to-machine access and authentication within modern enterprise systems. The push for innovation has led to the adoption of microservices, third-party solutions, a...

The Importance of STAR Level 1 for Achieving STAR Level 2: A Comprehensive Overview

Blog Published: 07/12/2024

As organizations strive to enhance their security posture and demonstrate compliance with industry standards, the Cloud Security Alliance (CSA) STAR certification program offers a robust framework for cloud security assurance. However, the journey from STAR Level 1 to STAR Level 2 involves more t...

Analysis of the 2024 Verizon Data Breach Investigations Report

Blog Published: 07/12/2024

Originally published by BARR Advisory.The 2024 Verizon Data Breach Investigations Report (DBIR)—an annual report examining dominant trends in data breaches and cyberattacks throughout the world—is now out for review. Verizon began releasing this report in 2008, and throughout its tenure it has se...

The Cybersecurity Tower of Babel Requires Focus on Business Fundamentals: Part 1

Blog Published: 07/11/2024

Written by Elad Yoran & Patricia Schouker. The adage "the only constant is change" was relevant at this year’s RSA Conference when it comes to enterprise cybersecurity. While much attention was appropriately focused on the possible implications of AI on security, conversations with CISOs indi...

Hacking Paris 2024: Olympic Cyber Threats

Blog Published: 07/11/2024

Originally published by CXO REvolutionaries. Written by Rob Sloan, VP, Cybersecurity Advocacy, Zscaler.Despite repeated predictions of cyber-fueled chaos at the Olympic and Paralympic Games since at least 2004, to date, no Olympics has ever been significantly disrupted. There is reason to believe...

Cloud Security Alliance Announces 2024 Chapter Ambassadors List

Press Release Published: 07/11/2024

Annul program recognizes individuals who best exemplify CSA valuesSEATTLE – July 11, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, is pleased to an...

Combatting Data Security Cluelessness

Blog Published: 07/11/2024

Written by Nikhil Girdhar, Sr. Director of Data Security, Securiti AI.In cybersecurity, the old adage you 'can’t protect what you can’t see' rings especially true. While the initial step of discovering and classifying sensitive data is critical, it's just the beginning. Many security teams find t...

Why ASPM is Critical Now—And How You Can Make It Happen

Blog Published: 07/10/2024

Originally published by Dazz.Written by Tomer Schwartz, Co-founder & CTO, Dazz.By 2026, 40% of organizations will have an Application Security Posture Management solution (ASPM) in place, according to Gartner. What’s driving the need for ASPM solutions? The Cloud Security Alliance (CSA) recen...

Revamping Third Party Vendor Assessments for the Age of Large Language Models

Blog Published: 07/10/2024

Written by MJ Schwenger, Member of the CSA AI Working Group.Originally published on LinkedIn.Introduction The increasing adoption of Large Language Models (LLMs) in the supply chain presents a new challenge for traditional Third-Party Vendor Security Assessments (TPVRAs). This blog explores how...

How CSA Corporate Membership Enhances Your STAR Submission

Blog Published: 07/09/2024

In today’s digital age, cloud security is more important than ever. Organizations are looking for cloud service providers that not only meet but exceed security standards. The CSA STAR (Security, Trust, Assurance and Risk) Registry is a valuable resource that highlights service providers who adhe...

Bridging the Gap: How to Ensure Seamless Collaboration Between Security & Development Teams

Blog Published: 07/08/2024

Written by Urvi Mehta, ArmorCode.In today's interconnected digital landscape, software serves as the backbone, driving the evolution of increasingly sophisticated applications. While this evolution fuels progress and exciting features, it also creates a vast playground for cyber threats. Simple, ...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
9
10
11
13
15
16
17
Last »